Date: 2017-06-05

Last week, developer Adrien Guinet discovered that a handy vulnerability in Windows’ file encryption subsystem left the private key used for the encryption in memory instead of properly removing it, and worked to turn that vulnerability into a tool capable of pulling the private key and transforming it into a format suitable for decrypting affected files without paying the ransom. Windows 10 has a number of internal security measures prepared to deal with these threats and, along with Windows Defender, this operating system is protected from virtually any threat that can be found.

While WannaKey extracted prime numbers that had not been erased from the system and were vital to the decryption key, it required a separate app to transform those bits into the secret key. It also won’t work if WannaCry permanently locks the files after the one-week deadline has passed, he said. Wanakiwi needs to run because the ransomware’s prime numbers can be overwritten.
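One way the step from a leftover prime to the secret key can work, as an added example that is not WannaKey's own code: scan a memory dump for an integer that divides the public RSA modulus, then rebuild the private exponent from it. The use of RSA with a known public key, the 32-bit primes, the buffer, the little-endian layout and all function names are constructed assumptions for illustration.

```python
# Added illustration with constructed values; real keys use far larger primes.

def find_prime_factor(memory: bytes, n: int, prime_len: int):
    """Slide over a memory dump and return (offset, p) for the first
    prime_len-byte little-endian integer that divides the modulus n."""
    for off in range(len(memory) - prime_len + 1):
        cand = int.from_bytes(memory[off:off + prime_len], "little")
        if 1 < cand < n and n % cand == 0:
            return off, cand
    return None  # the prime was already overwritten or never present


def rebuild_private_exponent(n: int, e: int, p: int):
    """Given one recovered prime p, derive q and the private exponent d."""
    if p <= 1 or n % p != 0:
        raise ValueError("candidate does not divide the modulus")
    q = n // p
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # modular inverse (Python 3.8+)
    return q, d


# Constructed sample: two 32-bit primes and the usual public exponent.
P, Q, E = 4294967291, 4294967279, 65537
N = P * Q  # public modulus, known to the defender

# Constructed "process memory": filler bytes around the leftover prime.
MEMORY = b"\x41" * 16 + P.to_bytes(4, "little") + b"\x42" * 16


def recover_key(memory: bytes = MEMORY):
    """Run both steps; returns (offset, p, q, d) or None if nothing is found."""
    hit = find_prime_factor(memory, N, 4)
    if hit is None:
        return None
    off, p = hit
    q, d = rebuild_private_exponent(N, E, p)
    return off, p, q, d


if __name__ == "__main__":
    print(recover_key())
```

If the region holding the prime has been reused, `find_prime_factor` returns `None`, which is why the prime numbers being overwritten ends any chance of recovery.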

By then, Microsoft had already issued a security update for the exploit, but that fix was not offered to many users running older versions of Windows that no longer received Microsoft support.

Europol said on Twitter that its European Cybercrime Centre had tested the team’s new tool and said it was “found to recover data in some circumstances”. So far, it has hit more than 200,000 computers in 150 countries, crippling hospitals, governments and businesses, Xinhua news agency reported.

It has been said that those running pirated versions of Windows are the most likely not to have installed the latest update, having been forced to switch off automatic updates in order to prevent Microsoft being alerted that an unofficial version of Windows was being used.

“The infection wave is far from being over”, he wrote.

More than 7 percent of the world’s PCs are still running Windows XP, which is the most attacked OS to date. Microsoft still supports Windows 7 and regularly sends out security updates for the operating system.

French researchers have developed a tool to save Windows files encrypted by WannaCry’s ransomware attack.

However, those behind WannaCry have been haphazard in bolting the ransomware onto the code, something researchers say organised, professional cybercriminal groups wouldn’t do. Cluley said it was understandable that people wanted someone to blame after a malware outbreak as significant as WannaCry.

That SMB worm was powered by an exploit named ETERNALBLUE.

According to the information dumped online by the cybercriminal gang Shadow Brokers, WannaCry relies on a Windows vulnerability that was being exploited by the NSA.